Database Administrators Stack Exchange is a question and answer site for database professionals who wish to improve their database skills and learn from others in the community. It's 100% free, no registration required.

For a website, I have multiple elements that need to be moderated by many different users.
Until now, I have always used Role-Based Access Control (RBAC) model but I want a more flexible model. I would like to be able to assign some user with some specific rights on particular ressources and after be able to remove/add rights as I want.

For example an element would be a blog with articles. There is the author of the articles who has full rights on his article but I would like to be able to add another user for that article with update right on it. And that for all elements in my website.

Here is what I have:

Elements are 'page', 'article', 'anotherElement'. 'Ownership' is the table where each user has what he can do. 'Right' is the table with specific right (read, write, ...). 'Category' is not important, only to subclass my elements.

Is here a better way to do this? The problem will be the size of table 'ownership' after a certain time.

Link to table OwnershipType wich tells me if it's an access on ownership, for all ressources or only a specific ressource ID

Link to table User

An ID in case OwnershipType is only a specific ressource

To manage groups, I didn't want to create more tables, what I found clever was to consider a group as a user and assign it some ownerships. To add a user to a group, I have a Parent table wich link a user to another (in this case that user is in fact a 'group'). It explains why I have a UserType table. It tells me if it's a group or a normal user.
In my code I just have to check if a user has a parent and if so add its ownership to the user's ones.
That concept let me having some global ownership on many user who are linked to a group and still have really specific ownership on certain user.

If people are interested I can explain how I implemented that concept in my website, it's quite simple and clean.